Lead Security Operations Engineer

CloudLinux is seeking a Lead Security Operations Engineer to enhance their cybersecurity posture. This role involves driving the development and implementation of detection, incident response, and threat intelligence capabilities. Key responsibilities include incorporating security practices into infrastructure, collaborating with development teams, creating detection rules, managing cloud security controls, and investigating security alerts. The ideal candidate will have strong experience in SecOps, incident response, and Linux-based systems, with a focus on innovation and continuous improvement.

Must Have

• Incorporate security practices into infrastructure and automation processes.
• Collaborate with development and operations teams to embed security measures.
• Create detection rules to catch attackers.
• Stay current with security standards/regulations.
• Identify security innovation tools/lead implementation solutions.
• Manage/implement cloud security controls (identity, access management, organizational policies).
• Evolve tooling/logging/monitoring/alerting systems.
• Triage, investigate, and escalate security alerts, provide remediation recommendations.
• Document procedures and best practices.
• Configure and operate security scanning tools.
• Develop a comprehensive understanding of systems, environments, and tools.
• Experience in an IT/security-related role (SecOps/Blue Team experience).
• Experience in triaging security alerts/executing incident response.
• Experience with building, configuring, and managing patch management tools.
• Practical knowledge of EDR, Vulnerability Scanner, SIEM, Cloud.
• Practical knowledge of network/endpoint security, security alert triage, basic application security.
• Experience building and maintaining monitoring and alerting capabilities.
• Deep expertise with Linux-based operating systems.
• Critical thinking and ability to balance security requirements.
• IT Security enthusiast with thorough knowledge in security and software development spaces.
• Thorough understanding of latest technologies, security principles, and protocols.
• Ability to demonstrate comprehensive research, collection, and analytic methods.
• At least C1 English proficiency.

Good to Have

• Relevant information security certifications (CISSP, OSCP, OSCE, LPT).
• Experience in modern container orchestration projects.
• Experience with cloud vendors (GCP, Azure, AWS).
• Knowledge of/experience with international information security standards (ISO 27XXX, PCI DSS, GDPR).
• Knowledge of/experience with information security standards and frameworks (PKI, WS-Security, X.509, SSL/TLS).
• Bachelor's degree in Computer Science, Information Security, or related field.
• Experience in CTF or bug bounty programs.
• Knowledge of application security practices and tools.

Perks & Benefits

• A focus on professional development.
• Interesting and challenging projects.
• Fully remote work with flexible working hours.
• Paid 24 days of vacation per year.
• 10 days of national holidays.
• Unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• Opportunity to receive a reward for the most innovative idea that the company can patent.

Description

-----------

CloudLinux is a global remote-first company. We are driven by our principles: do the right thing, employees first, we are remote first, and we deliver high-volume, low-cost Linux infrastructure and security products that help companies to increase the efficiency of their operations. Every person on our team supports each other and does what we can to ensure we are all successful. We are truly a great place to work.

Check out our website for more information https://cloudlinux.com/

We are looking for a Lead Security Operations Engineer who will drive the development, implementation, and operational excellence of our detection, incident response, and threat intelligence capabilities. This role requires expertise in analyzing large datasets, building and maintaining Detection & Response infrastructure, and deploying cybersecurity tools at the infrastructure level. You will play a key role in strengthening CloudLinux’s security posture by enhancing visibility, improving response processes, and collaborating across teams to lead critical security initiatives.

As a Lead Security Operations Engineer, you will:

• Incorporate security practices into our infrastructure and automation processes.
• Collaborate with development and operations teams to embed security measures into the entire software development lifecycle.
• Create detection rules to catch attackers. Pursue unusual strategies to try to radically improve our ability to detect attackers and the speed of detection.
• Stay current with security standards/regulations.
• Identify security innovation tools/lead implementation solutions from proof of concept to production.
• Manage/implement cloud security controls - identity, access management, organizational policies. Evolve our tooling/logging/monitoring/alerting systems, increasing observability and transparency.
• Triage, investigate, and escalate security alerts, and provide recommendations for remediation.
• Document procedures and best practices to ensure effective knowledge sharing.
• Configure and operate security scanning tools, collaborating with internal and external engineering teams to optimize alert rules.
• Develop a comprehensive understanding of systems, environments, and tools.

Requirements

------------

To be successful in this role, you should have:

• Experience in an IT/security-related role (SecOps/Blue Team experience, etc.).
• Experience in triaging security alerts/executing incident response. Experience with building, configuring, and managing patch management tools.
• Practical knowledge of tools and/or tech stack components (such as EDR, Vulnerability Scanner, SIEM, Cloud).
• Practical knowledge of fundamental security concepts, including network/endpoint security, security alert triage, and basic application security.
• Experience building and maintaining monitoring and alerting capabilities.
• Deep expertise with Linux-based operating systems
• Critical thinking and the ability to balance security requirements with mission needs. Innovative approach.
• Be an IT Security enthusiast with thorough knowledge and expertise in the security and software development spaces.
• Thorough understanding of the latest technologies, security principles, and protocols.
• Ability to demonstrate comprehensive, practical knowledge of research and collection skills as well as analytic methods.
• At least C1 and a higher level of English proficiency.

It would be a plus if you also have:

• Relevant information security certifications: CISSP, OSCP, OSCE, LPT, etc.
• Experience in modern container orchestration projects. Have experience with cloud vendors - GCP, Azure, AWS.
• Knowledge of/experience with international information security standards and personal data protection standards: ISO 27XXX, PCI DSS, GDPR, etc.
• Knowledge of/experience with information security standards and frameworks: PKI, WS-Security, X.509, SSL/TLS, etc.
• Bachelor's degree in Computer Science, Information Security, or related field.
• Experience in CTF or bug bounty programs.
• Knowledge of application security practices and tools.

Benefits

--------

What's in it for you?

• A focus on professional development.
• Interesting and challenging projects.
• Fully remote work with flexible working hours, which allows you to schedule your day and work from any location worldwide.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• The opportunity to receive a reward for the most innovative idea that the company can patent.